Durdur 🐝
Durdur is a CLI tool for Linux implementing L3/L4 packet dropping with eBPF/Go.
How to use
Durdur is easy to use with these commands: attach, detach, drop, undrop, and list.
All commands should be run with root privileges.
Attach
attach installs Durdur on the system for a specific interface.
durdur attach --interface eth0Detach
detach uninstalls Durdur from the system.
durdur detachDrop and Undrop
drop and undrop checks all (ingress) L3 and L4 packets in the system and either block or allow them.
Both commands support the following flags:
srcfor the source address value of an IPv4 packet.dnsfor the domain value of a DNS packet.
Example usage for drop;
durdur drop --src "192.0.1.1"durdur drop --dns "example.com"Example usage for undrop;
durdur undrop --src "192.0.1.1"durdur undrop --dns "example.com"List
list writes all entires of the maps to the stdout. It has 3 subcommands; src, dns, and all.
Example usage for list;
durdur list srcdurdur list dnsdurdur list allHow to install
From source;
Build and use build/durdur binary.
make buildFrom Docker image;
Build the image.
make build-dockerRun the container with privileges.
Example usage;
docker run --rm -i -t --net="host" --privileged -v /sys/fs/bpf:/sys/fs/bpf durdur -- attach -i eth0docker run --rm -i -t --net="host" --privileged -v /sys/fs/bpf:/sys/fs/bpf durdur -- drop --dns "example"PS: You don't need to use --net="host" if you don't want to access host's interfaces.
TODO
- [ ] Egress support.
- [ ] Wildcard support to DNS.
- [ ] IPv6 support.
- [ ] Multiple interfaces support.
- [ ] Port support.
Copyright
GPL-3.0 license,
Copyright 2022-2024 Bora Tanrikulu [me@bora.sh](mailto:me@bora.sh)